CVE-2017-10669
Published Jun 30, 2017
Last updated 7 years ago
Overview
- Description
- Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-347
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xoev:osci_transport_library:1.6:*:*:*:.net:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC7159A3-28E0-4AE2-A2A5-7B5F44D7305F"
},
{
"criteria": "cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F00B66D-46D7-4D58-A1A0-7BA1AD5C0EEE"
}
],
"operator": "OR"
}
]
}
]